B2B is based on an invitation model that lets you enable access to your corporate applications from partner-managed identities. You can provide an email address along with the applications you want to share and send an invitation to your partners, customers or anyone else who has an account in Azure Active Directory. Azure AD sends them an email invite with a link. The partner user follows the link and is prompted to sign in using their Azure AD account or sign up for a new Azure AD account.

In this post I’ll try to explain how we can build an MVC application that uses Azure Active Directory Application Roles for authorization. This kind of authorization is implemented using role-based access control (RBAC). With this kind of authorization we grant permissions to roles, not to individual users or groups. The administrator can then assign roles to different users and groups, and in that way control who has access to what content and functionality.